package com.woniu.util.config;


import com.woniu.util.handler.*;
import com.woniu.util.service.SecurityService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
//开启注解式鉴权(一般使用prePostEnabled)
@EnableGlobalMethodSecurity(securedEnabled = true,jsr250Enabled=true,prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired(required = false)
    private SecurityService securityService;

    @Autowired
    private LoginSucessHandler loginSucessHandler;

    @Autowired(required = false)
    private JWTFilter jwtFilter;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
//        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
//        String encode = passwordEncoder.encode("123");
        //自定义用户名和密码
//        auth.inMemoryAuthentication().withUser("admin").password(encode).roles("admin");
        auth.userDetailsService(securityService);
    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    /**
     * 自定义登录页面
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()    //告诉框架自定义页面
                .successHandler(loginSucessHandler)
                .failureHandler(new LoginFailHandler())
              //  .loginPage("/login.html") //登录页面地址
              //  .loginProcessingUrl("/dologin") //对应表单提交的action
                .permitAll();  //对 login.html 和 dologin 放行
        http.exceptionHandling()
                .accessDeniedHandler(new NoAuthHandler())
                .authenticationEntryPoint(new NoLoginHandler());
        /**
         * 把jwtFilter注入进来
         */
        http.addFilterAfter(jwtFilter, UsernamePasswordAuthenticationFilter.class);
        /**
         * 把session禁掉
         */
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        //所有请求都拦截
        http.authorizeRequests()
//                .antMatchers("/hello").hasAnyAuthority("stu:query")
//                .antMatchers("/delete").hasAuthority("delete")
//                .antMatchers("/hello").hasAnyAuthority("stu:query","hello")
//                .antMatchers("/delete").hasRole("stu:query")//角色判定,会自动添加ROLE_前缀,数据库中需要有对应的ROLE_
                  .antMatchers("/customer/**").permitAll()//给customer/login配置免登录方式,即放行

                  .anyRequest().authenticated();


        //跨站脚本攻击关掉
        http.csrf().disable();
//        http.cors();//打开跨域
    }

}
